On Apr 07, 2006, at 20:00, Mark Nottingham wrote:
> OK. I've made my case and have heard from some individuals; it
> seems like there's agreement that automatically setting Referer
> shouldn't be disallowed, but disagreement about whether it should
> be overridable. I'd like to hear the WG's opinion on the matter.

It's been added to the agenda, though given the pile of stuff we have
it may be a while before we get around to it.

So far however I haven't heard a convincing case that Referer-based
content protection was a generally smart and safe thing to do that
should be encouraged by the browsers' security model. Barring a
stronger case for this restriction I'd be surprised to see a
resolution in that direction.

--
Robin Berjon
Senior Research Scientist
Expway, http://expway.com/